Billing & Payment Security

Avenor Holdings LLC, operator of the Hab Jobs platform, is committed to ensuring that every payment transaction processed through https://www.habposlovi.com/ is handled with the highest standards of security, transparency, and compliance. This page describes the payment methods we accept, the technology and infrastructure used to protect payment data, the compliance standards we adhere to, and the rights and protections available to paying Users.

All paid services on the Platform are available exclusively to Employers. Candidates use the Platform free of charge and are never asked to submit payment information.

1. Payment Methods Accepted

The Platform accepts the following payment methods for all paid employer services, including job listing credits and subscription plans:

1.1 Credit and Debit Cards

We accept major credit and debit cards processed through Stripe, Inc., our primary payment processor. Accepted card networks include:

• Visa
• Mastercard
• American Express
• Discover (where supported by Stripe in your region)

Card payments are processed in real time. Upon successful authorization, access to the purchased service is granted immediately and a payment confirmation is sent to the registered account email address.

1.2 ACH Direct Debit (United States)

Employers with US-based bank accounts may use ACH (Automated Clearing House) direct debit to pay for Platform services. ACH payments are processed through Stripe's ACH payment infrastructure and are subject to standard ACH processing timeframes, which may range from 1 to 5 business days. Access to purchased services is granted upon confirmation of ACH payment settlement. The Company reserves the right to hold access to paid features pending ACH settlement for new accounts or accounts with a prior history of returned ACH transactions.

1.3 SEPA Direct Debit (European Economic Area)

Employers with bank accounts in SEPA-participating countries may use SEPA Direct Debit to pay for Platform services. SEPA Direct Debit payments are processed through Stripe's SEPA infrastructure and are subject to standard SEPA processing timeframes, typically 2 to 5 business days. A SEPA mandate will be presented to you for authorization before your first SEPA debit is processed. You retain the right to request a refund from your bank for any SEPA debit that was not authorized, subject to applicable SEPA scheme rules.

1.4 Wire Transfer

Wire transfer payments are accepted for annual subscription plans and for purchases exceeding a minimum transaction value as specified by the Company from time to time. To initiate a wire transfer payment, contact info@habposlovi.com with your account details and the service you wish to purchase. The Company will provide wire transfer instructions including bank name, account name, account number, routing number or IBAN/SWIFT/BIC as applicable, and a unique payment reference number.

Wire transfers must include the unique payment reference number provided by the Company. Transfers without a valid reference may not be matched to your account and may result in processing delays. The Company is not responsible for fees charged by the sending or intermediary bank. Access to paid services will be granted within 2 business days of confirmed receipt of cleared funds.

1.5 Additional Payment Methods

The Company may make additional payment methods available through Stripe from time to time, including digital wallets and local payment methods specific to certain regions. Available methods will be displayed at checkout based on your billing country and the capabilities of the payment processor at the time of purchase.

2. Payment Processor: Stripe, Inc.

The primary payment processor for all card, ACH, and SEPA transactions on the Platform is Stripe, Inc. ("Stripe"), a globally recognized and regulated payment technology company headquartered in San Francisco, California, USA. Stripe operates in compliance with applicable financial services regulations across the jurisdictions in which it is licensed, including as a licensed money transmitter in the United States and a regulated electronic money institution in Europe.

When you submit payment information on the Platform, that information is transmitted directly and securely to Stripe's servers using Transport Layer Security (TLS) encryption. Payment data is processed and stored within Stripe's infrastructure, which is certified to the highest industry security standards.

For full details of Stripe's data handling practices, security certifications, and terms of service, please refer to:

• Stripe Privacy Policy: https://stripe.com/privacy
• Stripe Services Agreement: https://stripe.com/legal/ssa
• Stripe Security Overview: https://stripe.com/docs/security

3. PCI-DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized framework of security requirements designed to protect cardholder data. All card payments processed through the Platform are handled in a manner consistent with PCI-DSS requirements.

Avenor Holdings LLC does not store, process, or transmit full card numbers, card verification values (CVV/CVC), or card expiry dates on its own systems or servers. All sensitive payment card data is handled exclusively within Stripe's PCI-DSS Level 1 certified infrastructure, which represents the highest tier of compliance available under the standard.

Stripe's PCI-DSS Level 1 certification is independently validated annually by a qualified security assessor. Details of Stripe's compliance status are available at https://stripe.com/docs/security.

Our own systems interact with payment data only through Stripe's tokenization system. When you enter card details on the Platform, those details are converted into a non-sensitive token by Stripe's JavaScript library (Stripe.js) before any data reaches our servers. We store only the token reference and metadata such as card type and last four digits for billing and display purposes.

4. Data Security and Encryption

4.1 Data in Transit

All data transmitted between your browser and the Platform's servers is encrypted using TLS (Transport Layer Security) version 1.2 or higher. This ensures that payment data, account credentials, and any other sensitive information cannot be intercepted or read by third parties during transmission.

The Platform enforces HTTPS across all pages. Any attempt to access the Platform over an unencrypted HTTP connection is automatically redirected to HTTPS.

4.2 Data at Rest

Payment card data is not stored on the Company's servers. Non-sensitive billing metadata, including tokenized payment method references, card brand, last four digits, and billing name, may be stored in encrypted form to support subscription management, invoicing, and customer support functions.

Access to stored billing metadata is restricted to authorized Company personnel on a strict need-to-know basis and is protected by role-based access controls, multi-factor authentication, and audit logging.

4.3 Fraud Detection

The Platform uses Stripe's fraud detection and risk management tools, including Stripe Radar, to identify and block suspicious transactions in real time. Stripe Radar uses machine learning models trained on data from millions of global transactions to assess the risk level of each payment and flag or block transactions that exhibit patterns consistent with fraudulent activity.

In addition to automated fraud detection, the Company may perform manual review of transactions that trigger risk thresholds. During a manual review, access to purchased services may be temporarily delayed. You will be notified by email if your payment requires manual review.

4.4 3D Secure Authentication

Where required by applicable regulation (including the EU's Strong Customer Authentication requirements under PSD2) or where Stripe's risk assessment recommends it, payments may be subject to 3D Secure (3DS) authentication. This is an additional verification step conducted by your card issuer that requires you to authenticate the transaction through your bank's app, SMS code, or other method. 3D Secure authentication significantly reduces the risk of unauthorized card use and shifts liability for fraudulent transactions to the card issuer where applicable.

5. Recurring Billing and Subscription Charges

For Employers on subscription plans, the Company charges recurring fees on a monthly or annual basis in accordance with the selected plan. By purchasing a subscription, you authorize Avenor Holdings LLC and Stripe to charge your designated payment method automatically at the start of each billing cycle until the subscription is cancelled.

The following principles apply to recurring billing:

• You will receive an email notification confirming each successful recurring charge, including the amount, date, and billing cycle covered.
• For annual subscriptions, you will receive a renewal reminder by email no fewer than 7 days before the renewal date.
• If a recurring charge fails, Stripe may automatically retry the charge up to three times over a period of several days. You will be notified by email of the failed charge and any retry attempts.
• If a recurring charge cannot be collected after retry attempts are exhausted, access to subscription features may be suspended until payment is resolved.
• You may update your payment method at any time through your Employer account dashboard or by contacting info@habposlovi.com.
• You may cancel your subscription and stop future recurring charges at any time in accordance with the Refund and Cancellation Policy.

6. Invoicing and Payment Records

A payment confirmation is automatically sent to your registered email address following each successful transaction. Payment confirmations include the transaction amount, date, description of the service purchased, and a transaction reference number.

Formal invoices, including VAT-compliant invoices where applicable, are available upon request. To request an invoice, contact info@habposlovi.com with your account details and transaction reference. The Company will issue invoices in US Dollars unless a specific currency is required for local tax compliance purposes, in which case the Company will consider requests on a case-by-case basis.

The Company retains payment records for a minimum of 7 years in compliance with US federal financial record-keeping requirements and to support audits, dispute resolution, and tax reporting obligations.

7. Currency and Pricing

All prices displayed on the Platform are in US Dollars (USD) unless otherwise stated at checkout for specific regions or payment methods. The Company does not apply currency conversion markups. Where your bank or card issuer converts a USD charge to your local currency, any conversion rate or foreign transaction fee applied is determined solely by your financial institution and is beyond the Company's control.

Prices are inclusive of platform access fees only. Any applicable taxes, including VAT, GST, or sales tax, are the responsibility of the purchaser as set out in the Employer Terms and Conditions. The Platform may display applicable tax estimates at checkout based on your billing country, but final tax liability is determined by applicable law in your jurisdiction.

8. Disputed Charges and Chargebacks

8.1 Contacting Us First

If you believe a charge on your account is incorrect, unauthorized, or should be refunded, please contact the Company at info@habposlovi.com before initiating a formal dispute or chargeback with your bank or card issuer. In most cases, billing issues can be resolved faster through direct contact with the Company than through a formal chargeback process.

When contacting us about a disputed charge, please provide:

• Your account email address
• The transaction date and amount
• The transaction reference number from your payment confirmation email
• A description of the reason for the dispute

8.2 Chargeback Process

If you initiate a chargeback with your card issuer or bank without first contacting the Company, we reserve the right to contest the chargeback by providing evidence of the transaction, including purchase records, account activity logs, and confirmation of service delivery. Initiating a chargeback without prior contact with the Company may result in account suspension pending resolution of the dispute.

Where a chargeback is found to be invalid or fraudulent, the Company reserves the right to recover the chargeback amount, any associated fees, and costs of contesting the chargeback from the Employer's account.

8.3 Resolution Timeframe

The Company aims to resolve billing disputes within 10 business days of receiving a complete complaint. Complex disputes involving third-party investigation by Stripe or your financial institution may take longer, and the Company will keep you informed of progress where possible.

9. Regulatory Compliance

Avenor Holdings LLC processes payments in compliance with applicable financial services laws and regulations. Our payment infrastructure is designed to meet the requirements of the following frameworks:

• PCI-DSS (Payment Card Industry Data Security Standard): Cardholder data protection, handled through Stripe's Level 1 certified infrastructure
• PSD2 (EU Payment Services Directive 2): Strong Customer Authentication (SCA) requirements for EU/EEA transactions, implemented through Stripe's 3D Secure integration
• GDPR (General Data Protection Regulation): Processing of personal data in connection with payments is governed by our Privacy Policy and conducted in accordance with GDPR requirements where applicable
• US Bank Secrecy Act and Anti-Money Laundering (AML) requirements: Stripe, as a licensed money transmitter, maintains AML compliance programs applicable to transactions processed on our behalf
• OFAC Sanctions Compliance: Stripe screens transactions against applicable sanctions lists. Payments from sanctioned individuals, entities, or jurisdictions will be declined

10. Security Incident Notification

In the event of a security incident affecting payment data or billing systems, the Company will notify affected Users without undue delay and in accordance with applicable legal notification requirements. Notification will be sent to the registered account email address and will include a description of the nature of the incident, the data affected, the steps the Company has taken to address it, and any steps Users should take to protect themselves.

The Company works with Stripe to monitor for and respond to payment security incidents. Stripe maintains its own incident response program and will notify the Company and applicable regulatory authorities in accordance with its legal obligations.

If you suspect that your payment information may have been compromised in connection with your use of the Platform, please contact us immediately at info@habposlovi.com and contact your card issuer or bank to report the concern.

11. No Storage of Full Card Data

Avenor Holdings LLC confirms that it does not store, log, or retain full payment card numbers, CVV/CVC codes, PINs, or card expiry dates on its own systems at any time. This is a firm operational commitment and not merely a policy statement.

All payment card data entered on the Platform is handled exclusively by Stripe using its client-side tokenization technology (Stripe.js / Stripe Elements). Card data is encrypted and transmitted directly from your browser to Stripe's servers without passing through the Company's own infrastructure. The Company receives only a non-sensitive token that represents your payment method.

This architecture ensures that even in the unlikely event of a compromise of the Company's systems, no full card data would be accessible to an unauthorized party.

12. Contact for Payment and Security Inquiries

For questions about billing, payment security, invoices, disputed charges, or any other payment-related matter, please contact:

Avenor Holdings LLC
Address: 75 E 3rd St, Sheridan, WY 82801, United States
Email: info@habposlovi.com
Website: https://www.habposlovi.com/

For urgent security concerns related to payment data, please mark your email with the subject line "Payment Security Concern" to ensure priority handling.